package com.sinosoft.web.common.shiro.interceptors;

import cn.com.sinux.spring.exception.BusinessException;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 权限拦截类
 * PermissionInterceptorAdapter.java
 *
 * @author wangjie
 * @Description : 该类功能描述
 * @Date 2015-12-25_下午2:10:24
 * @version: v1.1.0
 * Modification History: Date Author Version Description
 */
public class PermissionInterceptorAdapter extends HandlerInterceptorAdapter {

//    public void afterCompletion(HttpServletRequest request,
//                                HttpServletResponse response, Object obj, final Exception e)
//            throws Exception {
//        HandlerMethod handler2 = (HandlerMethod) obj;
//        RequiresPermissions checkPermission = handler2.getMethodAnnotation(RequiresPermissions.class);
//        ResponseBody body = handler2.getMethodAnnotation(ResponseBody.class);
//        final LoginUser loginUser = AuthContextHelper.getLoginUser();
//        if (checkPermission != null && loginUser != null) {
//            SysResource resource;
//            String permission = checkPermission.value()[0];
//            if (body == null) {
//                resource = resourceService.findResourceByPermission(permission);
//                createLogInfo(resource.getResourceName());
//            } else {
//                if (!permission.contains("list")) {
//                    resource = resourceService.findResourceByPermission(permission);
//                    createLogInfo(resource.getResourceName() + " 成功");
//                }
//                if (e != null) {
//                    resource = resourceService.findResourceByPermission(permission);
//                    createLogInfo(resource.getResourceName());
//                }
//            }
//        } else if (checkPermission == null && loginUser != null) {
//            if ("index".equals(handler2.getMethod().getName()) && request.getSession().getAttribute("LOGIN_FLAG") != null) {
//                createLogInfo("登录成功");
//                request.getSession().removeAttribute("LOGIN_FLAG");
//            }
//        }
//    }

    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response, Object handler) throws Exception {
        return true;
//        HandlerMethod handler2 = (HandlerMethod) handler;
//        RequiresPermissions checkPermission = handler2.getMethodAnnotation(RequiresPermissions.class);
//        boolean isPermissioin = false;
//        Subject subject = SecurityUtils.getSubject();
//        //没有获得注解  及不需要权限-- 则直接运行
//        if (null != checkPermission) {
//            String[] permission = checkPermission.value();
//            for (String per : permission) {
//                //当前登录人 具有权限
//                if (subject.isPermitted(per)) {
//                    isPermissioin = true;
//                    break;
//                }
//            }
//        } else {
//            isPermissioin = true;
//        }
//        if (isPermissioin) {
//            //有执行方法或权限不拦截
//            return true;
//        } else {
//            //跑出无权限异常
//            throw new BusinessException("用户没有权限访问");
//        }
    }

}

